Linux Kernel Vulnerability in Netfilter's Synproxy Object Handling
CVE-2025-40206

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 12 November 2025

What is CVE-2025-40206?

A vulnerability in the Linux kernel's netfilter component causes unexpected behavior when a synproxy stateful object is referenced from the OUTPUT hook. The reference can trigger infinite recursive calls that crash the kernel, compromising system stability. If an attempt is made to use a synproxy object without proper validation, an operational error is returned. Fixes have been implemented that enforce validation of synproxy object types, preventing the crash and ensuring safe operation.

Affected Version(s)

Linux ee394f96ad7517fbc0de9106dcc7ce9efb14f264 < 0028e0134c64d9ed21728341a74fcfc59cd0f944

Linux ee394f96ad7517fbc0de9106dcc7ce9efb14f264 < 7ea55a44493a5a36c3b3293b88bbe4841f9dbaf0

Linux ee394f96ad7517fbc0de9106dcc7ce9efb14f264 < 4c1cf72ec10be5a9ad264650cadffa1fbce6fabd

Timeline

  • Vulnerability published

  • Vulnerability Reserved
